Authentication

Learn how to authenticate with the Ajrly API using API keys, OAuth 2.0, and JWT tokens.

All API requests require authentication. Choose the method that best fits your use case.

API Keys

API keys are the simplest way to authenticate. They’re best suited for server-to-server communication.

Generating an API Key

  1. Go to Settings → API Keys
  2. Click Create New Key
  3. Give it a descriptive name and set permissions
  4. Copy the key — it won’t be shown again

Using API Keys

Include the key in the Authorization header:

cURL:

curl -X GET https://api.ajrly.com/v1/projects \
  -H "Authorization: Bearer sk_live_abc123def456"

JavaScript:

const response = await fetch('https://api.ajrly.com/v1/projects', {
  headers: {
    Authorization: 'Bearer sk_live_abc123def456',
  },
});
const data = await response.json();

Python:

import requests

response = requests.get(
    'https://api.ajrly.com/v1/projects',
    headers={'Authorization': 'Bearer sk_live_abc123def456'}
)
data = response.json()

OAuth 2.0

Use OAuth 2.0 when your application needs to access resources on behalf of a user.

Authorization Flow

  1. Redirect the user to the authorization URL
  2. User grants permission
  3. Receive an authorization code
  4. Exchange the code for an access token

GET https://auth.ajrly.com/authorize
  ?client_id=your_client_id
  &redirect_uri=https://yourapp.com/callback
  &response_type=code
  &scope=read%20write

Token Exchange

curl -X POST https://auth.ajrly.com/token \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "authorization_code",
    "code": "auth_code_here",
    "client_id": "your_client_id",
    "client_secret": "your_client_secret",
    "redirect_uri": "https://yourapp.com/callback"
  }'

Token Response

{
  "access_token": "at_live_abc123",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "rt_live_xyz789",
  "scope": "read write"
}

JWT Tokens

JWT tokens are used for session-based authentication, typically in web and mobile applications.

Token Structure

Ajrly JWTs contain:

  • sub — User ID
  • org — Organization ID
  • exp — Expiration timestamp
  • iat — Issued at timestamp
  • scope — Granted permissions

Scopes

Control access granularity with scopes:

| Scope          | Description                    |
|----------------|--------------------------------|
| read           | Read access to all resources   |
| write          | Write access to all resources  |
| projects:read  | Read access to projects        |
| projects:write | Write access to projects       |
| team:manage    | Team management permissions    |
| billing:read   | Read billing information       |

Security Best Practices

  • Rotate API keys regularly
  • Use the minimum required scopes
  • Store secrets in environment variables
  • Implement token refresh logic
  • Monitor API key usage in your dashboard
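
Added example (not Ajrly's own code): one way to implement the token refresh logic recommended above, driven by the expires_in and refresh_token fields of the token response. It assumes the token endpoint accepts a standard OAuth 2.0 refresh_token grant in the same JSON shape as the code exchange; the AJRLY_CLIENT_ID and AJRLY_CLIENT_SECRET variable names and the TokenStore class are hypothetical.

```python
import json
import os
import time
import urllib.request

TOKEN_URL = "https://auth.ajrly.com/token"  # token endpoint shown on this page
SKEW_SECONDS = 60  # refresh this long before expiry to absorb latency


def refresh_over_http(refresh_token):
    """POST a refresh_token grant. The request shape is an assumption."""
    body = json.dumps({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        # Secrets come from the environment (hypothetical names), not source code.
        "client_id": os.environ["AJRLY_CLIENT_ID"],
        "client_secret": os.environ["AJRLY_CLIENT_SECRET"],
    }).encode()
    req = urllib.request.Request(
        TOKEN_URL, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenStore:
    """Holds the current token pair and refreshes it shortly before expiry."""

    def __init__(self, token_response, refresh_fn=refresh_over_http, clock=time.monotonic):
        self._refresh_fn = refresh_fn
        self._clock = clock
        self._refresh_token = None
        self._apply(token_response)

    def _apply(self, resp):
        if resp.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type in token response")
        self._access_token = resp["access_token"]
        # Keep the previous refresh token if the server did not rotate it.
        self._refresh_token = resp.get("refresh_token", self._refresh_token)
        self._expires_at = self._clock() + int(resp["expires_in"])

    def auth_header(self):
        """Return a valid Authorization header, refreshing first if needed."""
        if self._clock() >= self._expires_at - SKEW_SECONDS:
            if not self._refresh_token:
                raise RuntimeError("token expired and no refresh_token available")
            self._apply(self._refresh_fn(self._refresh_token))
        return {"Authorization": f"Bearer {self._access_token}"}
```

Pass the JSON from the token exchange to TokenStore once, then call auth_header() before every API request; the refresh_fn and clock parameters exist so the logic can be exercised without network access.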

Last updated: February 28, 2026